TechNewsWorld, CA - Feb 2, 2007
Aiming to improve security in its new operating system,
Microsoft has endowed Vista's kernel with highly restricted
access, locking out hackers and malware purveyors. It
may have locked out other security software as well.
That's not good, say competing manufacturers, who say
Vista's security system alone is not enough.
With the first shipments of the new Microsoft (Nasdaq:
MSFT) Vista operating system still lingering on store
shelves, many consumers may not yet be sure whether
Vista's much ballyhooed security enhancements will make
them less vulnerable to virus, adware and spyware infections.
Microsoft claims its restricted access to the operating
system's kernel will lock out hackers and malware purveyors.
However, some security experts and third-party antivirus
vendors claim that the only thing Microsoft has locked
out of its new operating system is competing security
products. These vendors worry that consumers, who often
are the weak link in maintaining adequate computer security,
will be lulled into complacency, believing that Vista
will make other security efforts unnecessary.
"We have concerns about Vista and security. We've
been following Vista for the last year. What Microsoft
wanted to do was block everything -- good or bad --
at the kernel level," Sanjay Pradhan, CEO of Max
Secure Software, told TechNewsWorld. "But this
is a flawed view. You think you can block everybody
out. Hackers have already started finding ways to get
in. Microsoft's products are scoring on the low end
of the market. It's not very good."
Security will remain an issue with Vista, agrees Andy
Vandamia, director of software marketing for computer
security firm AuthenTec. However, Vandamia does not
see Vista's built-in security products having an adverse
impact on third-party security vendors.
"While Microsoft has made major progress in improving
overall security in Vista, it does not provide a complete
secure computing environment," Vandamia said. "The
bulk of Microsoft's Vista security improvements are
based on the assumption that the computer is physically
secure. Portable computing platforms are designed to
move freely between physically safe corporate computing
areas and completely unsafe and very public locations."
Weakness Found
Computer security firm Webroot Software reported on
Jan. 25 that its testing revealed significant holes
in Vista's security shields. According to Webroot, its
tests on Vista's security showed it to have ineffective
blocking capabilities and weak antivirus capabilities
in the default anti-spyware and antivirus components
within the new operating system. Problems were also
found in Microsoft's Live OneCare security suite.
For instance, Webroot said Windows Defender failed
to block 84 percent of a testing sample set that included
15 of the most common variations of existing spyware
and malware. Also, Windows Defender did not perform
at the level of many third-party security applications.
Webroot said that Microsoft Vista permitted a variety
of threats, including adware, potentially unwanted programs
(PUPs), system monitors, key loggers and Trojans, to
reside on the testing environment undetected.
Microsoft's additional charge to Vista users for antivirus
protection through a subscription is a potential weakness
in security. Consumers may be unwilling to make that
purchase.
Blocking Strategy
Microsoft's attempts to block out third-party vendors
raise fairness questions, according to Max Secure's
Pradhan. However, he believes that strategy will be
short-lived.
"Microsoft should have learned that approach is
not the best way to go. I see Microsoft changing because
consumers will see that they do have a choice,"
he said. "Microsoft is offering a system that is
flawed. Consumers will force Microsoft to open up the
kernel access when infections and attacks continue."
Marco Peretti, CEO of BeyondTrust, does not see Microsoft's
decision to lock down access to the Vista kernel as all
that detrimental. He said Microsoft has made accessing
the kernel in the 32-bit version of Vista more difficult
than in Windows XP.
"Microsoft is blocking the kernel only on 64-bit,
not the 32-bit, platforms. To Microsoft the 64-bit Vista
is the future," Peretti noted, adding that 2007
and 2008 will see the mainstream adoption of the 64-bit
Vista operating system.
Lockdown Issue
The problem comes with Vista 64-bit, which utilizes
PatchGuard, according to John Safa, security expert
and the chief architect at DriveSentry. This prevents
programs from patching the key system functions, which
are used by hackers to create rootkits.
These same functions are also patched by security vendors
to detect threats, which they are now unable to do,
Safa claimed. Microsoft has said that it intends to
provide access to security vendors of Vista 64-bit by
the time it releases Service Pack 1 for Vista. This
could be some time away.
The fault for not developing strategies for dealing
with Vista's 32-bit compatibility issues lies with third-party
vendors, Safa contended.
Still, third-party security vendors are adapting their
products to work with the kernel restrictions in the
32-bit OS version.
"There is no real reason why security vendors
cannot have their product ready for Vista 32-bit,"
he said.
Not All Bad
Microsoft's new kernel approach is an improvement
of sorts, according to Larry Biddell, vice president
of Global Securities Strategies at Grisoft. Any time
an OS maker wants to make a more secure system, it's
a good thing, he said.
"Locking down the kernel is a good thing if it
makes the kernel more secure than previous OS versions.
But this doesn't mean the new OS will be totally secure,"
Biddell added.
He is not all that concerned about Microsoft entering
into the security products space as a competitor. Since
consumers and enterprise users always need more security
layers, third-party products are not going to go away
because of Vista, he predicted.
However, Biddell expects Microsoft to have some perception
issues to overcome before customers will fully trust
the built-in security measures in Vista.
"Vista-based security won't chase competitors
away. This is not going to be the end of the road for
us, just as Microsoft's introduction of the proxy server/firewall
feature in Windows XP didn't chase away third-party
vendors," Biddell explained.
Hacker Challenge
Safa views Microsoft's claim that it has locked down
Vista as tantamount to issuing an open invitation to
the hacking community to prove it wrong.
"There's real money to be made in this high stakes
game, and the rules have completely changed," Safa
noted. "Today's malware threat has evolved into
a destructive force that outpaces even the best antivirus
signatures, leaving consumers' personal data completely
exposed to zero-day attacks."
The real issue is that individuals must start approaching
security at the data level. They have to use products
that will isolate malware before it can wreak havoc
on their PCs, Safa concluded.